Method and system for providing a trusted platform module in a hypervisor environment
Abstract
A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPMs within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
Claims
1. A method for implementing a trusted computing environment within a data processing system, the method comprising:
initializing a hypervisor within the data processing system, wherein the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system;
reserving a logical partition for a hypervisor-based trusted platform module (TPM) which provides integrity measurements for a software state of the data processing system;
presenting the hypervisor-based trusted platform module to logical partitions as a virtual device via a device interface;
creating by the hypervisor multiple logical partitions within the data processing system;
instantiating multiple logical TPMs within the reserved partition, wherein the logical TPMs are anchored to the hypervisor-based TPM; and
managing the multiple logical TPMs within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
2. The method of claim 1 further comprising:
receiving from a TPM device driver in one of the logical partitions a trusted platform module functional request on an input queue of the device interface; and
transferring by the hypervisor the queued TPM functional request to the hypervisor-based TPM.
3. The method of claim 1 further comprising:
receiving from the hypervisor-based TPM a trusted platform module functional response on an output queue of the device interface; and
transferring by the hypervisor the queued TPM functional response to a TPM device driver in one of the logical partitions.
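The following is an added illustrative model of the architecture described in the abstract and in claims 1 to 3; it is not code from the patent or from any implementation of it. It assumes a simple anchoring scheme (each logical TPM's key is derived by HMAC from a root key held by the hypervisor-based TPM) and a single in-memory input/output queue pair as the device interface; the root secret and measurements are constructed sample values.

```python
import hashlib
import hmac
from collections import deque

class LogicalTPM:
    """One logical TPM per partition: its own PCR bank and its own anchored key."""
    def __init__(self, partition_id: int, root_key: bytes):
        self.pcrs = [bytes(32)] * 8  # PCRs start zeroed, as in a physical TPM
        # Anchoring model (assumption): the per-partition key is derived from the
        # hypervisor-based TPM's root key, so it cannot exist apart from that root.
        self.key = hmac.new(root_key, b"ltpm-%d" % partition_id, hashlib.sha256).digest()

    def extend(self, index: int, measurement: bytes) -> bytes:
        # TPM extend rule: PCR[i] = H(PCR[i] || measurement)
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + measurement).digest()
        return self.pcrs[index]

    def quote(self, index: int) -> bytes:
        return hmac.new(self.key, self.pcrs[index], hashlib.sha256).digest()

class HypervisorTPM:
    """Runs in the reserved partition and manages every logical TPM."""
    def __init__(self):
        self.root_key = hashlib.sha256(b"constructed root secret").digest()  # constructed
        self.logical = {}

    def handle(self, request: tuple) -> bytes:
        pid, op, index, data = request
        ltpm = self.logical[pid]  # a request reaches only its own partition's logical TPM
        if op == "extend":
            return ltpm.extend(index, data)
        if op == "quote":
            return ltpm.quote(index)
        raise ValueError("unsupported TPM request: %r" % op)

class Hypervisor:
    """Owns the virtual device interface: an input queue and an output queue."""
    def __init__(self):
        self.tpm = HypervisorTPM()
        self.input_queue, self.output_queue, self.next_pid = deque(), deque(), 1

    def create_partition(self) -> int:
        pid, self.next_pid = self.next_pid, self.next_pid + 1
        self.tpm.logical[pid] = LogicalTPM(pid, self.tpm.root_key)  # new partition gets a logical TPM
        return pid

    def tpm_request(self, pid: int, op: str, index: int, data: bytes = b"") -> bytes:
        # driver queues the request on the input queue; hypervisor passes it to the TPM, queues reply
        self.input_queue.append((pid, op, index, data))
        self.output_queue.append((pid, self.tpm.handle(self.input_queue.popleft())))
        return self.output_queue.popleft()[1]
```

Two partitions that record the same measurement end up with identical PCR values but different quotes, because each logical TPM signs with its own anchored key.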